Google relents—adds system password prompt before displaying web passwords

November 5, 2013 by Bob Yirka weblog

(Phys.org) —This past summer it was widely reported that Google Chrome had a web security flaw—all of the passwords that were saved for various web sites could be displayed by anyone gaining physical access to a computer, by typing in a simple command. That prompted a lot of people to criticize Google for its lackadaisical approach to web security for its user community. Google defended itself by noting that if someone gained physical access to someone else's computer and were able to use their Chrome browser, they would be able to access all of the web sites that the original owner had saved anyway (because the login and passwords would be filled in automatically), regardless of whether they could see the passwords, which were stored on the local hard drive in plain text.

Now it appears that Google has had a change of heart, at least as it applies to Mac users—Chromium developer François Beaufort has announced on his Google+ page that Google has implemented a "fix" for the problem for users of the Chromium Build for Mac. Now, if a sneaky person gains physical access to someone else's computer and tries to get the browser to show all of the saved , they will be prompted to first type in the Mac OS password. Of course, that still won't stop them from visiting and logging in automatically (because the passwords have still been saved after all) to whatever web sites they find in the list of favorites, their history, etc.

It's not clear why Google had a change of heart, or if the change will be made to Google Chrome (Windows) or if it will, how long that might take. Last summer, company reps said making such a change to Chrome would give users a false sense of security. They suggested that users lock their computer when away from the keyboard to give themselves a true security system.

It's clear that forcing users to type in a system password will prevent miscreants from quickly printing out a list of logins/passwords—whether it will also lull them into a false of remains to be seen—at least for Mac users.

Explore further: Software developer questions why Google Chrome allows for display of saved passwords in plain text

Related Stories

Google vision of password rings heard at security event

March 13, 2013

(Phys.org) —Google finds much appeal in gaining the distinction of leading the way toward a future where USB sticks and rings can replace traditional passwords. The idea of killing off passwords has been an attractive one ...

Recommended for you

Android's Nougat update isn't flashy, but still pretty handy

September 28, 2016

Nougat, Google's latest update of its Android smartphone software, isn't particularly flashy; you might not even notice what's different about it at first. But it offers a number of practical time-saving features, plus a ...

Disabled man gets license, shows driverless tech's potential

September 28, 2016

Former Indy Racing League driver Sam Schmidt has done a lot in the 16 years since an accident left him paralyzed from the neck down. He runs a racing team and a foundation. He's raced a sailboat using his chin. But the man ...

Hyperloop pushes dream of low-cost futuristic transport

September 23, 2016

Is it a plane, is it a train? No, say supporters of Hyperloop, a futuristic mode of transport floated by Silicon Valley billionaire Elon Musk that promises high-tech, high-speed and cheap travel over long distances.

MIT's flea market specializes in rare, obscure electronics

September 25, 2016

Once a month in the summer, a small parking lot on the Massachusetts Institute of Technology's campus transforms into a high-tech flea market known for its outlandish offerings. Tables overflow with antique radio equipment, ...

First test of driverless minibus in Paris Saturday

September 24, 2016

The French capital's transport authority will on Saturday carry out its first test of a driverless minibus, in the hope that regular routes for the hi-tech vehicles will be up and running within two years.

3 comments

Adjust slider to filter visible comments by rank

Display comments: newest first

evropej
1 / 5 (6) Nov 05, 2013
Logging into a site is one thing, getting the password to log in from any pc is another. This is what happens when you get so big and go from technology development to groogling the world with spam.
Zera
1 / 5 (6) Nov 05, 2013
check out lightbeam - google sits at the centre of just about every interaction you have with the "web"
Ducklet
1 / 5 (5) Nov 05, 2013
The password has to be available in plaintext anyway, at some point, or the browser won't be able to auto-fill it.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.